internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 13:53:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
fix_image_build
ansible-freeipa/tests/service/test_service_keytab.yml
Rafael Guterres Jeffman b5e93c705f Fix allow_retrieve_keytab_host in service module. 
The attribute `allow_retrieve_keytab_host` was not working due to
wrong processing of the input and verification if the values should
be updated. Both the issues are fixed by this change.

Tests were added to better verify service keytab members.
2020-08-11 16:23:15 -03:00

398 lines
11 KiB
YAML
Raw Permalink Blame History

---
- name: Test service
hosts: ipaserver
become: yes
tasks:
# setup
- name: Setup test envirnoment.
include_tasks: env_setup.yml
# Add service to test keytab create/retrieve attributes.
- name: Ensure test service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
- PAD
auth_ind: otp
force: yes
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
# tests
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_group:
- group01
- group02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_group:
- group01
- group02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_group:
- group01
- group02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_group:
- group01
- group02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
state: absent
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_group:
- group01
- group02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_group:
- group01
- group02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_group:
- group01
- group02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_group:
- group01
- group02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
# cleanup
- name: Clean-up envirnoment.
include_tasks: env_cleanup.yml
Reference in New Issue View Git Blame Copy Permalink